US7930428B2 - Verification of DNS accuracy in cache poisoning - Google Patents
Verification of DNS accuracy in cache poisoning
- Publication number
- US7930428B2
- Authority
- US
- United States
- Prior art keywords
- dns
- reply
- address
- request
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0245—Filtering by information in the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/18—Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits
- G06F11/183—Error detection or correction of the data by redundancy in hardware using passive fault-masking of the redundant circuits by voting, the voting not being performed by the redundant components
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/145—Detection or countermeasures against cache poisoning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0254—Stateful filtering
Definitions
- In July 2008 Dan Kaminsky disclosed a discovery of a significant number of problems with “DNS Cache Poisoning”.
- The DNS vulnerability stems from shortcomings in the way servers try to ensure IP address information comes from bona fide sources rather than those controlled by miscreants.
- DNS queries include a random transaction number. The response is considered valid only if it contains the same number.
- DNS cache poisoning (sometimes referred to as cache pollution) is an attack technique that allows an attacker to introduce forged DNS information into the cache of a caching nameserver.
- DNS cache poisoning is not a new concept; in fact, there are published articles that describe a number of inherent deficiencies in the DNS protocol and defects in common DNS implementations that facilitate DNS cache poisoning. The following are examples of these deficiencies and defects:
- the DNS protocol specification includes a transaction ID field of 16 bits. If the specification is correctly implemented and the transaction ID is randomly selected with a strong random number generator, an attacker will require, on average, 32,768 attempts to successfully predict the ID. Some flawed implementations may use a smaller number of bits for this transaction ID, meaning that fewer attempts will be needed. Furthermore, there are known errors with the randomness of transaction IDs that are generated by a number of implementations. Amit Klein researched several affected implementations in 2007. These are known to those skilled in the art.
- DNS services contain a vulnerability in which multiple identical queries for the same resource record (RR) will generate multiple outstanding queries for that RR. This condition leads to the feasibility of a ‘birthday attack,’ which significantly raises an attacker's chance of success. A number of vendors and implementations have already added mitigations to address this issue.
- Some current implementations allocate an arbitrary port at startup (sometimes selected at random) and reuse this source port for all outgoing queries.
- the source port for outgoing queries is fixed at the traditional assigned DNS server port number, 53/udp.
- Caching DNS resolvers are primarily at risk—both those that are open (a DNS resolver is open if it provides recursive name resolution for clients outside of its administrative domain), and those that are not. These caching resolvers are the most common target for attackers; however, stub resolvers are also at risk.
- Once a DNS server has received non-authentic data and cached it to improve future performance, it is considered poisoned, supplying the non-authentic data to the clients of the server until the data expires.
- an Internet-connected computer uses a DNS server provided by the computer owner's Internet Service Provider, or ISP.
- This DNS server generally serves the ISP's own customers only and contains a small amount of DNS information cached by previous users of the server.
- a poisoning attack on a single ISP DNS server can affect the users serviced directly by the compromised server or indirectly by its downstream server(s) if applicable.
- the attacker exploits a flaw in the Domain Name System architecture which allows it to accept incorrect information. If the server does not correctly validate DNS responses to ensure that they have come from an authoritative source, the server will end up caching the incorrect entries locally and serve them to users that make the same request.
- This technique can be used to replace arbitrary content for a set of victims with content of an attacker's choosing. For example, an attacker poisons the IP address DNS entries for a target website on a given DNS server, replacing them with the IP address of a server he controls. He then creates fake entries for files on the server he controls with names matching those on the target server. These files could contain malicious content, such as a worm or a virus. A user whose computer has referenced the poisoned DNS server would be tricked into thinking that the content comes from the target server and unknowingly download malicious content.
- An early simple variant of DNS cache poisoning involved redirecting the nameserver of the attacker's domain to the nameserver of the target domain, then assigning that nameserver an IP address specified by the attacker.
- a vulnerable server would cache an additional A-record (IP address) provided in response allowing the attacker to resolve queries to the domain provided as an additional A-record.
- a second later variant of DNS cache poisoning involves redirecting the nameserver of another domain unrelated to the original request to an IP address specified by the attacker.
- a vulnerable server would cache the unrelated authority information allowing the attacker to resolve queries to the unrelated domain.
- The third and most serious variant of DNS cache poisoning, which is called DNS Forgery, involves beating the real answer to a recursive DNS query back to the DNS server.
- DNS requests contain a 16-bit transaction id, used to identify the response associated with a given request. If the attacker can successfully predict the value of the transaction id and return a reply first, the server will accept the attacker's response as valid. If the server randomizes the source port of the request, the attack may become more difficult, as the fake response must be sent to the same port that the request originated from.
- DNSSEC has been resistant to adoption because of the lack of critical mass.
- DNSSEC offers no immediate payback to its early adopters.
- a most serious attack is hijacking authority records. An attack starts with a flurry of queries, each for a different random name under the main domain. The first request causes the nameserver to perform the usual root-first resolution, but it eventually caches the valid values. Subsequent queries within this domain go directly to that nameserver, skipping the root steps.
- By poisoning the Authority records for .COM and the like, the victim nameserver will route all DNS lookups to the attacker's nameservers. This effectively hijacks all names under that top level.
- DNS poisoning and other methods of mis-representing DNS could lead to an unsuspecting person thinking he is at a website that is different than the website he is really viewing. This could lead the person to enter confidential passwords, account, credentials or other information. It would be difficult if not impossible for a user to detect this attack.
- There are many products that sit in the path of the DNS traffic and route the data for the DNS request and the DNS response. These products include Ethernet switches, IPS devices, routers, web filters, and many others.
- a problem with solutions to address the vulnerability in the domain name system is that they can be undone or substantially weakened by routers, firewalls, proxies, and other gateway devices that perform Network Address Translation (NAT)—more specifically Port Address Translation (PAT)—which often rewrite source ports in order to track connection state.
- NAT: Network Address Translation
- PAT: Port Address Translation
- PAT devices can reduce source port randomness implemented by nameservers and stub resolvers (conversely a PAT device can also increase randomness).
- a PAT device can reduce or eliminate improvements gained by patching DNS software to implement source port randomization.
- the invention is to implement a DNS “double check” to an independent DNS server.
- When a DNS request is observed in a passive manner by the checking device, it sends a request to one or more alternative DNS servers.
- the protocol to communicate with these alternative DNS servers could be a standard DNS protocol or a more secure protocol.
- the secondary DNS server could be either a public service, a private service, or a secondary DNS server set up by the network owner.
- the checking device holds the response to the original DNS request until it receives a response from at least one secondary check. Once it receives the response to the secondary check, it compares the two responses. If they are the same or close enough, that is, within a defined range, then it allows the response to proceed to the requester. In this way two or more DNS servers are checked and verified. To fool this system would require attacking and compromising 2 or more DNS servers in the same way at the same time. Furthermore, it would be difficult for any attacker to determine which 2 or more DNS servers to compromise, thereby increasing safety.
- FIG. 1 is a block diagram of a data processor suitable for the implementation of this invention
- FIG. 2 is a block diagram of a network illustrating a dns cache poisoning attack
- FIG. 3 is a block diagram of a network handling a conventional dns query
- FIG. 4 is a block diagram of a network handling a conventional dns reply
- FIG. 5 is a block diagram of a network handling a dns second check
- FIG. 6 is a block diagram of a network waiting for a dns second check
- FIG. 7 is a block diagram of a network successfully providing dns second check
- FIG. 8 is a block diagram of a network voting on results of multiple replies
- FIG. 9 is a block diagram of a network blocking an observed query and reply
- FIG. 10 is a flowchart of an embodiment of the invention.
- FIG. 11 is a flowchart of an embodiment of the invention.
- FIG. 12 is a flowchart of an embodiment of the invention.
- the invention controls a processor to perform the following steps:
- a computer executed method for obtaining verified DNS results tangibly encoded on computer readable media controls a processor to perform the following steps:
- a method for verifying DNS accuracy comprising the following steps:
- One of the DNS servers is a trusted DNS server provided by a service, or provides a digital certificate for authentication.
- the DNS servers is selected pseudo-randomly.
- an embodiment changes the source port of the dns query pseudo-randomly and relays a plurality of dns requests to a plurality of dns servers.
- an embodiment compares the first and nth dns reply wherein n is the number of dns servers queried.
- a computer implemented method comprises the following steps:
- the system is further complicated by the fact that for some web sites or web services or internet services there may be multiple servers that would be legally returned for a dns request. This means that a mismatch might occur. There are many techniques to overcome this problem.
- a bit mask allows matching on the n most significant bits of an IP address without an exact match to a specified IP address.
- An embodiment of a “close enough” match includes but is not limited to: two IP addresses in the same subnet, two IP addresses within a range of 256, two IP addresses owned by the same company or entity, two IP addresses within a range of 16, 32, 64, 128, or some policy controlled range depending on the geographical locus of the base address. Performing a reverse DNS query to determine that two IP addresses are registered to the same name would be an embodiment. Failure to match exactly or close enough would result in blocking a response.
- a reverse resolver IP database could be used to verify the accuracy rather than a secondary DNS request.
- a reverse DNS request could also be used.
- At least three sources of DNS information can be queried and a majority or a plurality of results can be voted to determine which result to send as a reply.
- a preferred embodiment further comprises the step of generating a transaction id and source port for a dns request using a first pseudo-random algorithm.
- a preferred embodiment further comprises the steps of generating a transaction id and source port for a first dns request using a first pseudo-random algorithm and generating a transaction id and source port for a second dns request using a second pseudo-random algorithm and comparing the contents of the first dns request and the second dns request.
- the apparatus for providing the second dns checking can be implemented in any physical or logical device in the path between a resolver and the external network including but not limited to the following: a switch, a hub, a router, a dns server, a firewall, and a gateway.
- a negative result meaning a contradiction between two dns servers results in a termination.
- Embodiments of a termination include but are not limited to 1. not passing a response to the query, 2. terminating the session, 3. injecting a different reply than either of the two received results.
- a preferred embodiment dynamically selects from a plurality of pseudo-random algorithms for generating a transaction id and source port.
- a preferred embodiment flushes cache if inconsistent responses are received.
- FIG. 1 shows a block diagram of a typical computing system 100 where the preferred embodiment of this invention can be practiced.
- the computer system 100 includes a computer platform having a hardware unit 103 , that implements the methods disclosed below.
- the hardware unit 103 typically includes one or more central processing units (CPUs) 104 , a memory 105 that may include a random access memory (RAM), and an input/output (I/O) interface 106 .
- Various peripheral components may be connected to the computer platform 102 .
- peripheral components include an external data storage device (e.g. tape or disk) 110 where the data used by the preferred embodiment is stored.
- a link 112 may also be included to connect the system 100 to one or more other similar computer systems. The link 112 may also provide access to the global Internet.
- An operating system (OS) 114 coordinates the operation of the various components of the computer system 100 , and is also responsible for managing various objects and files, and for recording certain information regarding same. Lying above the OS 114 is a software tools layer 114 A containing, for example, compilers, interpreters and other software tools. The interpreters, compilers and other tools in the layer 114 A run above the operating system and enable the execution of programs using the methods known to the art.
- One suitable and non-limiting example of computer system 100 is the Barracuda Web Filter.
- Another example is a personal computer running the Linux operating system.
- An example of a suitable CPU is a Pentium™ III processor (trademark of the Intel Corporation); an example of an operating system is GNU/Linux; examples of an interpreter and a compiler are a Perl interpreter and a C++ compiler.
- In FIG. 2, an attacker attempts to poison the cache by forcing a DNS Server 120 to query for a hitherto unknown IP address. Knowing the forthcoming query, the attacker floods the victim with bogus replies and attempts to guess the transaction id and spoof the victim before the authoritative server provides the correct resource record.
- In FIG. 3, a block diagram of a normal dns query process is illustrated, wherein a client 110 requires an IP address and queries its local dns server 120, which goes to a second dns server 130. If the reply is in cache 140 it is returned. If an answer is not found in cache, a query is sent to an authoritative server.
- In FIG. 4, a block diagram of a normal dns reply is illustrated. The IP address found in the cache of DNS server 130 is sent to DNS server 120, which provides it to the client 110. If the cache 140 has been poisoned, every client who relies upon dns server 130 will receive bogus IP addresses.
- the present invention further comprises a dns server 131 which is protected and may be hidden from attack.
- the dns server 121 receives a reply from dns server 130 but the process of the present invention is to withhold the reply from the client 110 .
- the dns server 121 receives a second reply from a second dns server 131 and upon matching the two replies, forwards the response to the client 110 .
- an embodiment of the invention is the method of querying a plurality of second dns servers 131 and 132 , and voting on the replies. Voting could require a unanimous result or a majority result in embodiments. The result of voting can be to forward the winning reply to the client 110 or withhold any reply from the client 110 .
- an embodiment of the invention is a DNS observer, any logical entity in the path between a client 110 and a dns server 130 .
- the DNS observer is not itself a server but duplicates queries and blocks replies until a match is received from at least one second dns server.
- a flowchart illustrates the steps comprising receiving a dns request, duplicating the request, transmitting the original and the duplicate requests to different servers, waiting for and comparing replies, and propagating the reply if there is a match.
- In FIG. 11, a flowchart illustrates the steps of voting when three or more replies are received. In an embodiment a unanimous result is required. In an embodiment a majority result will be propagated to the client.
- In FIG. 12, a flowchart illustrates the steps when a passive observer rather than a dns server performs the method of the present invention. This could be a firewall as a non-limiting example.
- the present invention is distinguished by obtaining at least a second reply to a dns query and comparing the content of at least two dns resource record requests before providing a response to a resolver. Even if a cache has been poisoned, the present invention prevents the inaccurate information from being provided to the requesting resolver.
- this invention also encompasses a computer readable media product containing a set of computer executable software instructions for directing the computer system 100 to execute a process for independent confirmation of DNS replies to foil DNS cache poisoning attacks.
- the process comprises comparing a plurality of DNS replies for an exact or predefined “close enough” match as a condition for blocking or forwarding a DNS reply to a resolver.
- the tangible beneficial result is to prevent the success of a dns cache poisoning attack from diverting a user to a malicious site on the internet.
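The comparison and voting steps described above (the bit-mask "close enough" match, and majority or unanimous voting over replies from several servers) can be sketched as follows. This is an added example, not code from the patent; the function names, the default 24-bit mask and the sample addresses (documentation ranges) are assumptions, and each reply is reduced to its list of A-record addresses.

```python
import ipaddress


def close_enough(a, b, prefix_bits=24):
    """True when a and b agree on their prefix_bits most significant bits."""
    ia, ib = ipaddress.ip_address(a), ipaddress.ip_address(b)
    if ia.version != ib.version:
        return False
    if not 0 <= prefix_bits <= ia.max_prefixlen:
        raise ValueError("prefix_bits out of range for this address family")
    shift = ia.max_prefixlen - prefix_bits
    return (int(ia) >> shift) == (int(ib) >> shift)


def replies_match(r1, r2, prefix_bits=24):
    """Two address lists match when every address has a close-enough peer in the other."""
    if not r1 or not r2:
        return not r1 and not r2  # two empty replies agree; empty vs. data does not

    def covered(xs, ys):
        return all(any(close_enough(x, y, prefix_bits) for y in ys) for x in xs)

    return covered(r1, r2) and covered(r2, r1)


def decide(replies, policy="majority", prefix_bits=24):
    """Vote over replies (first entry = reply from the originally queried server).

    Returns ("forward", addresses) or ("withhold", None).
    Assumption: a reply's support is the number of replies (itself included)
    that match it; the first reply with the highest support is the candidate.
    """
    if policy not in ("majority", "unanimous"):
        raise ValueError("policy must be 'majority' or 'unanimous'")
    n = len(replies)
    if n < 2:
        return ("withhold", None)  # keep holding until a second reply exists
    support = [sum(replies_match(r, other, prefix_bits) for other in replies)
               for r in replies]
    best = max(range(n), key=lambda i: support[i])
    needed = n if policy == "unanimous" else n // 2 + 1
    if support[best] >= needed:
        return ("forward", list(replies[best]))
    return ("withhold", None)


if __name__ == "__main__":
    # Constructed replies; 192.0.2.0/24 and 203.0.113.0/24 are documentation ranges.
    primary_ok = ["192.0.2.10"]
    primary_poisoned = ["203.0.113.66"]
    secondary_a = ["192.0.2.77"]   # different host, same /24
    secondary_b = ["192.0.2.11"]

    print(decide([primary_ok, secondary_a]))
    print(decide([primary_poisoned, secondary_a]))
    print(decide([primary_poisoned, secondary_a, secondary_b], "majority"))
    print(decide([primary_poisoned, secondary_a, secondary_b], "unanimous"))
```

With a majority policy and three servers, the poisoned first reply is outvoted and the winning reply is forwarded in its place; with a unanimous policy the same input is withheld.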
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
-
- passively observing a domain name system (dns) request from a resolver to a first server;
- replicating the dns request;
- transmitting the duplicate dns requests one or more times to at least one secondary server;
- holding any response to the original resolver until a plurality of dns replies are received; and
- allowing a response to the original resolver on the condition that two dns replies match in content.
-
- actively receiving a domain name system (dns) request from a resolver;
- replicating the dns request;
- transmitting the dns request to at least one secondary server;
- holding a response to the original resolver until at least one dns reply from a secondary server is received; and
- responding to the original resolver on the condition that two dns replies match in content.
-
- receiving a DNS query and relaying a DNS query to a plurality of DNS servers;
- receiving a plurality of DNS responses and comparing the contents;
- truncating the DNS response to remove authority information unrelated to the original query;
- voting the plurality of DNS responses to determine a winner; and
- relaying the winning DNS response to the originator.
-
- receiving a domain name system (dns) request from a resolver;
- replicating the dns request;
- transmitting the dns request to a primary server and at least one secondary server; and
- responding to the original resolver on the condition that two dns replies match in content.
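The step of truncating a response to remove authority information unrelated to the original query can be illustrated with a filter over a parsed reply. This is an added example, not code from the patent; the record tuples, the function names and the rule used for "unrelated" (authority owners must be ancestors of the queried name, and glue must lie inside the zone that delegates to it) are assumptions, and the sample reply is constructed.

```python
def labels(name):
    """Lower-cased DNS labels of a name, ignoring a trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def norm(name):
    return ".".join(labels(name))


def is_within(name, zone):
    """True when name equals zone or is a subdomain of it (whole labels only)."""
    n, z = labels(name), labels(zone)
    return len(z) <= len(n) and n[len(n) - len(z):] == z


def truncate_reply(qname, reply):
    """Return a copy of reply holding only records related to qname.

    reply: dict with "answer", "authority", "additional" lists of
    (owner, rtype, rdata) tuples (a hypothetical, already-parsed form).
    """
    # Answer: records for the queried name, following CNAMEs in order.
    wanted, answer = {norm(qname)}, []
    for owner, rtype, rdata in reply["answer"]:
        if norm(owner) in wanted:
            answer.append((owner, rtype, rdata))
            if rtype == "CNAME":
                wanted.add(norm(rdata))

    # Authority: only NS/SOA records whose owner is an ancestor of qname.
    authority = [rec for rec in reply["authority"]
                 if rec[1] in ("NS", "SOA") and is_within(qname, rec[0])]

    # Additional: only address records for a kept nameserver that sits
    # inside the zone delegating to it (drops glue for foreign hosts).
    ns_zone = {norm(rdata): owner for owner, rtype, rdata in authority
               if rtype == "NS"}
    additional = [rec for rec in reply["additional"]
                  if rec[1] in ("A", "AAAA")
                  and norm(rec[0]) in ns_zone
                  and is_within(rec[0], ns_zone[norm(rec[0])])]

    return {"answer": answer, "authority": authority, "additional": additional}


# Constructed reply to a query for www.shop.example (reserved names and
# documentation addresses); it mixes legitimate and unrelated records.
SAMPLE_REPLY = {
    "answer": [("www.shop.example", "A", "192.0.2.10")],
    "authority": [
        ("shop.example", "NS", "ns1.shop.example"),
        ("shop.example", "NS", "ns.bank.example"),    # foreign nameserver name
        ("bank.example", "NS", "ns.rogue.example"),   # unrelated zone
    ],
    "additional": [
        ("ns1.shop.example", "A", "192.0.2.53"),
        ("ns.bank.example", "A", "203.0.113.66"),     # glue outside shop.example
        ("ns.rogue.example", "A", "203.0.113.66"),    # glue for a dropped NS
    ],
}

if __name__ == "__main__":
    for section, records in truncate_reply("www.shop.example", SAMPLE_REPLY).items():
        print(section, records)
```

The filter covers the two older variants described in the definitions (a cached additional A-record for a foreign nameserver, and cached authority for an unrelated domain); forged records for the queried domain itself pass this filter and are left to the reply comparison.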
Claims (17)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/268,446 US7930428B2 (en) | 2008-11-11 | 2008-11-11 | Verification of DNS accuracy in cache poisoning |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/268,446 US7930428B2 (en) | 2008-11-11 | 2008-11-11 | Verification of DNS accuracy in cache poisoning |
Publications (2)
Publication Number | Publication Date |
---|---|
US20100121981A1 US20100121981A1 (en) | 2010-05-13 |
US7930428B2 true US7930428B2 (en) | 2011-04-19 |
Family
ID=42166212
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/268,446 Active 2029-07-02 US7930428B2 (en) | 2008-11-11 | 2008-11-11 | Verification of DNS accuracy in cache poisoning |
Country Status (1)
Country | Link |
---|---|
US (1) | US7930428B2 (en) |
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110191455A1 (en) * | 2010-02-02 | 2011-08-04 | Patrick Gardner | Using Aggregated DNS Information Originating from Multiple Sources to Detect Anomalous DNS Name Resolutions |
US20120124239A1 (en) * | 2010-11-17 | 2012-05-17 | Hola, Inc. | Method and system for increasing speed of domain name system resolution within a computing device |
US20120144023A1 (en) * | 2010-12-03 | 2012-06-07 | Salesforce.Com, Inc. | Method and system for validating configuration data in a multi-tenant environment |
US20120159636A1 (en) * | 2010-12-16 | 2012-06-21 | Microsoft Corporation | Dns-based determining whether a device is inside a network |
US20120278626A1 (en) * | 2011-04-29 | 2012-11-01 | Verisign, Inc. | DNSSEC Inline Signing |
US20130007850A1 (en) * | 2011-06-30 | 2013-01-03 | Lambert Paul A | Verifying Server Identity |
US20130301626A1 (en) * | 2012-01-11 | 2013-11-14 | Saguna Networks Ltd. | Methods, circuits, devices, systems and associated computer executable code for facilitating access to a content source through a wireless mobile network |
JP2013247674A (en) * | 2012-05-24 | 2013-12-09 | Internatl Business Mach Corp <Ibm> | Method, system, and computer program for identifying rogue domain name service (dns) server (system for detecting presence of rogue domain name service providers through passive monitoring) |
US20140059071A1 (en) * | 2012-01-11 | 2014-02-27 | Saguna Networks Ltd. | Methods, circuits, devices, systems and associated computer executable code for providing domain name resolution |
US20140282847A1 (en) * | 2013-03-15 | 2014-09-18 | Verisign, Inc. | Systems and methods for pre-signing of dnssec enabled zones into record sets |
US8910280B2 (en) | 2012-04-30 | 2014-12-09 | At&T Intellectual Property I, L.P. | Detecting and blocking domain name system cache poisoning attacks |
US8949411B2 (en) | 2010-12-16 | 2015-02-03 | Microsoft Corporation | Determining whether a device is inside a network |
US20150067114A1 (en) * | 2013-08-29 | 2015-03-05 | MasterCard International Incoirporated | Systems and methods for resolving data inconsistencies between domain name systems |
US20150135010A1 (en) * | 2011-09-07 | 2015-05-14 | Scott Thomas MacQuarrie | High availability system, replicator and method |
US9141777B2 (en) | 2012-08-24 | 2015-09-22 | Industrial Technology Research Institute | Authentication method and code setting method and authentication system for electronic apparatus |
US9230037B2 (en) | 2013-01-16 | 2016-01-05 | Sap Se | Identifying and resolving cache poisoning |
US20160269362A1 (en) * | 2013-12-19 | 2016-09-15 | Trend Micro Incorporated | Network security system to intercept inline domain name system requests |
CN106210173A (en) * | 2016-07-29 | 2016-12-07 | 杭州迪普科技有限公司 | DNS replys retransmission method and the device of message |
CN103747005B (en) * | 2014-01-17 | 2018-01-05 | 山石网科通信技术有限公司 | The means of defence and equipment that DNS cache is poisoned |
US10505894B2 (en) * | 2016-10-13 | 2019-12-10 | Microsoft Technology Licensing, Llc | Active and passive method to perform IP to name resolution in organizational environments |
US10623425B2 (en) | 2017-06-01 | 2020-04-14 | Radware, Ltd. | Detection and mitigation of recursive domain name system attacks |
US10938851B2 (en) | 2018-03-29 | 2021-03-02 | Radware, Ltd. | Techniques for defense against domain name system (DNS) cyber-attacks |
Families Citing this family (117)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8028090B2 (en) | 2008-11-17 | 2011-09-27 | Amazon Technologies, Inc. | Request routing utilizing client location information |
US7991910B2 (en) | 2008-11-17 | 2011-08-02 | Amazon Technologies, Inc. | Updating routing information based on client location |
US8321568B2 (en) | 2008-03-31 | 2012-11-27 | Amazon Technologies, Inc. | Content management |
US8447831B1 (en) | 2008-03-31 | 2013-05-21 | Amazon Technologies, Inc. | Incentive driven content delivery |
US8533293B1 (en) | 2008-03-31 | 2013-09-10 | Amazon Technologies, Inc. | Client side cache management |
US8601090B1 (en) | 2008-03-31 | 2013-12-03 | Amazon Technologies, Inc. | Network resource identification |
US8156243B2 (en) | 2008-03-31 | 2012-04-10 | Amazon Technologies, Inc. | Request routing |
US7970820B1 (en) | 2008-03-31 | 2011-06-28 | Amazon Technologies, Inc. | Locality based content distribution |
US8606996B2 (en) | 2008-03-31 | 2013-12-10 | Amazon Technologies, Inc. | Cache optimization |
US7962597B2 (en) | 2008-03-31 | 2011-06-14 | Amazon Technologies, Inc. | Request routing based on class |
CN101583229B (en) * | 2008-05-15 | 2013-01-09 | 杭州茂力半导体技术有限公司 | Multi-discharge lamp parallel driving circuit and driving method |
US9407681B1 (en) | 2010-09-28 | 2016-08-02 | Amazon Technologies, Inc. | Latency measurement in resource requests |
US9912740B2 (en) | 2008-06-30 | 2018-03-06 | Amazon Technologies, Inc. | Latency measurement in resource requests |
US7925782B2 (en) | 2008-06-30 | 2011-04-12 | Amazon Technologies, Inc. | Request routing using network computing components |
US8732309B1 (en) | 2008-11-17 | 2014-05-20 | Amazon Technologies, Inc. | Request routing utilizing cost information |
US8122098B1 (en) | 2008-11-17 | 2012-02-21 | Amazon Technologies, Inc. | Managing content delivery network service providers by a content broker |
US8060616B1 (en) | 2008-11-17 | 2011-11-15 | Amazon Technologies, Inc. | Managing CDN registration by a storage provider |
US8073940B1 (en) | 2008-11-17 | 2011-12-06 | Amazon Technologies, Inc. | Managing content delivery network service providers |
US8065417B1 (en) | 2008-11-17 | 2011-11-22 | Amazon Technologies, Inc. | Service provider registration by a content broker |
US8521880B1 (en) | 2008-11-17 | 2013-08-27 | Amazon Technologies, Inc. | Managing content delivery network service providers |
WO2010059955A2 (en) * | 2008-11-20 | 2010-05-27 | Mark Kevin Shull | Domain based authentication scheme |
US8688837B1 (en) | 2009-03-27 | 2014-04-01 | Amazon Technologies, Inc. | Dynamically translating resource identifiers for request routing using popularity information |
US8412823B1 (en) | 2009-03-27 | 2013-04-02 | Amazon Technologies, Inc. | Managing tracking information entries in resource cache components |
US8756341B1 (en) | 2009-03-27 | 2014-06-17 | Amazon Technologies, Inc. | Request routing utilizing popularity information |
US8521851B1 (en) | 2009-03-27 | 2013-08-27 | Amazon Technologies, Inc. | DNS query processing using resource identifiers specifying an application broker |
US9270646B2 (en) * | 2009-04-20 | 2016-02-23 | Citrix Systems, Inc. | Systems and methods for generating a DNS query to improve resistance against a DNS attack |
US8782236B1 (en) | 2009-06-16 | 2014-07-15 | Amazon Technologies, Inc. | Managing resources using resource expiration data |
US8397073B1 (en) | 2009-09-04 | 2013-03-12 | Amazon Technologies, Inc. | Managing secure content in a content delivery network |
US8433771B1 (en) | 2009-10-02 | 2013-04-30 | Amazon Technologies, Inc. | Distribution network with forward resource propagation |
US8370933B1 (en) * | 2009-11-24 | 2013-02-05 | Symantec Corporation | Systems and methods for detecting the insertion of poisoned DNS server addresses into DHCP servers |
FR2955405B1 (en) * | 2010-01-19 | 2015-08-21 | Alcatel Lucent | METHOD AND SYSTEM FOR PREVENTING POISONING OF DNS CACES |
US9495338B1 (en) | 2010-01-28 | 2016-11-15 | Amazon Technologies, Inc. | Content distribution network |
US8996669B2 (en) * | 2010-04-02 | 2015-03-31 | Nominum, Inc. | Internet improvement platform with learning module |
US8924528B1 (en) | 2010-09-28 | 2014-12-30 | Amazon Technologies, Inc. | Latency measurement in resource requests |
US10097398B1 (en) | 2010-09-28 | 2018-10-09 | Amazon Technologies, Inc. | Point of presence management in request routing |
US8468247B1 (en) | 2010-09-28 | 2013-06-18 | Amazon Technologies, Inc. | Point of presence management in request routing |
US10958501B1 (en) | 2010-09-28 | 2021-03-23 | Amazon Technologies, Inc. | Request routing information based on client IP groupings |
US8577992B1 (en) | 2010-09-28 | 2013-11-05 | Amazon Technologies, Inc. | Request routing management based on network components |
US9003035B1 (en) | 2010-09-28 | 2015-04-07 | Amazon Technologies, Inc. | Point of presence management in request routing |
US8819283B2 (en) | 2010-09-28 | 2014-08-26 | Amazon Technologies, Inc. | Request routing in a networked environment |
US9712484B1 (en) | 2010-09-28 | 2017-07-18 | Amazon Technologies, Inc. | Managing request routing information utilizing client identifiers |
US8930513B1 (en) | 2010-09-28 | 2015-01-06 | Amazon Technologies, Inc. | Latency measurement in resource requests |
US8938526B1 (en) | 2010-09-28 | 2015-01-20 | Amazon Technologies, Inc. | Request routing management based on network components |
US8452874B2 (en) | 2010-11-22 | 2013-05-28 | Amazon Technologies, Inc. | Request routing processing |
US9391949B1 (en) * | 2010-12-03 | 2016-07-12 | Amazon Technologies, Inc. | Request routing processing |
US8769060B2 (en) | 2011-01-28 | 2014-07-01 | Nominum, Inc. | Systems and methods for providing DNS services |
US10467042B1 (en) | 2011-04-27 | 2019-11-05 | Amazon Technologies, Inc. | Optimized deployment based upon customer locality |
US8904009B1 (en) | 2012-02-10 | 2014-12-02 | Amazon Technologies, Inc. | Dynamic content delivery |
US10021179B1 (en) | 2012-02-21 | 2018-07-10 | Amazon Technologies, Inc. | Local resource delivery network |
US9172674B1 (en) | 2012-03-21 | 2015-10-27 | Amazon Technologies, Inc. | Managing request routing information utilizing performance information |
US10623408B1 (en) | 2012-04-02 | 2020-04-14 | Amazon Technologies, Inc. | Context sensitive object management |
US9154551B1 (en) | 2012-06-11 | 2015-10-06 | Amazon Technologies, Inc. | Processing DNS queries to identify pre-processing information |
US9525659B1 (en) | 2012-09-04 | 2016-12-20 | Amazon Technologies, Inc. | Request routing utilizing point of presence load information |
US9135048B2 (en) | 2012-09-20 | 2015-09-15 | Amazon Technologies, Inc. | Automated profiling of resource usage |
US9323577B2 (en) | 2012-09-20 | 2016-04-26 | Amazon Technologies, Inc. | Automated profiling of resource usage |
CN104969515B (en) * | 2012-11-05 | 2018-04-27 | 柏思科技有限公司 | Handle the method and gateway of DNS request |
US10142282B2 (en) * | 2012-11-05 | 2018-11-27 | Pismo Labs Technology Limited | Methods and gateways for processing DNS request |
US10205698B1 (en) | 2012-12-19 | 2019-02-12 | Amazon Technologies, Inc. | Source-dependent address resolution |
WO2014101023A1 (en) * | 2012-12-26 | 2014-07-03 | 华为技术有限公司 | Method and device for preventing service illegal access |
CN103973506B (en) * | 2013-01-30 | 2016-10-12 | 腾讯科技(深圳)有限公司 | A kind of domain name method of calibration, Apparatus and system |
US10164989B2 (en) | 2013-03-15 | 2018-12-25 | Nominum, Inc. | Distinguishing human-driven DNS queries from machine-to-machine DNS queries |
US9215123B1 (en) | 2013-03-15 | 2015-12-15 | Nominum, Inc. | DNS requests analysis |
CN104219335B (en) * | 2013-05-30 | 2018-08-24 | 张大顺 | A kind of processing method of DNS request, apparatus and system |
JP5930546B2 (en) * | 2013-05-30 | 2016-06-08 | 日本電信電話株式会社 | DNS server investigation device and DNS server investigation method |
US9294391B1 (en) | 2013-06-04 | 2016-03-22 | Amazon Technologies, Inc. | Managing network computing components utilizing request routing |
CN104348669B (en) * | 2013-07-23 | 2019-04-23 | 深圳市腾讯计算机系统有限公司 | A kind of Domain Hijacking detection method, system and device |
CN103561120B (en) * | 2013-10-08 | 2017-06-06 | 北京奇虎科技有限公司 | Detect method, the processing method of device and suspicious DNS, the system of suspicious DNS |
GB2518460B (en) * | 2013-12-09 | 2015-10-28 | F Secure Corp | Unauthorised/Malicious redirection |
CN109889618B (en) | 2014-04-22 | 2022-08-16 | 柏思科技有限公司 | Method and system for processing DNS request |
US9870534B1 (en) | 2014-11-06 | 2018-01-16 | Nominum, Inc. | Predicting network activities associated with a given site |
US9641547B2 (en) | 2014-12-13 | 2017-05-02 | Security Scorecard, Inc. | Entity IP mapping |
US10097448B1 (en) | 2014-12-18 | 2018-10-09 | Amazon Technologies, Inc. | Routing mode and point-of-presence selection service |
US10033627B1 (en) | 2014-12-18 | 2018-07-24 | Amazon Technologies, Inc. | Routing mode and point-of-presence selection service |
US10091096B1 (en) | 2014-12-18 | 2018-10-02 | Amazon Technologies, Inc. | Routing mode and point-of-presence selection service |
US10225326B1 (en) | 2015-03-23 | 2019-03-05 | Amazon Technologies, Inc. | Point of presence based data uploading |
US9887932B1 (en) | 2015-03-30 | 2018-02-06 | Amazon Technologies, Inc. | Traffic surge management for points of presence |
US9819567B1 (en) | 2015-03-30 | 2017-11-14 | Amazon Technologies, Inc. | Traffic surge management for points of presence |
US9887931B1 (en) | 2015-03-30 | 2018-02-06 | Amazon Technologies, Inc. | Traffic surge management for points of presence |
US9832141B1 (en) | 2015-05-13 | 2017-11-28 | Amazon Technologies, Inc. | Routing based request correlation |
US10616179B1 (en) | 2015-06-25 | 2020-04-07 | Amazon Technologies, Inc. | Selective routing of domain name system (DNS) requests |
US10097566B1 (en) | 2015-07-31 | 2018-10-09 | Amazon Technologies, Inc. | Identifying targets of network attacks |
KR101702102B1 (en) * | 2015-08-13 | 2017-02-13 | 주식회사 케이티 | Internet connect apparatus, central management server and internet connect method |
US9794281B1 (en) | 2015-09-24 | 2017-10-17 | Amazon Technologies, Inc. | Identifying sources of network attacks |
US9774619B1 (en) | 2015-09-24 | 2017-09-26 | Amazon Technologies, Inc. | Mitigating network attacks |
US9742795B1 (en) | 2015-09-24 | 2017-08-22 | Amazon Technologies, Inc. | Mitigating network attacks |
US10270878B1 (en) | 2015-11-10 | 2019-04-23 | Amazon Technologies, Inc. | Routing for origin-facing points of presence |
US10257307B1 (en) | 2015-12-11 | 2019-04-09 | Amazon Technologies, Inc. | Reserved cache space in content delivery networks |
US10049051B1 (en) | 2015-12-11 | 2018-08-14 | Amazon Technologies, Inc. | Reserved cache space in content delivery networks |
US10270806B2 (en) * | 2015-12-15 | 2019-04-23 | Microsoft Technology Licensing, Llc | Defense against NXDOMAIN hijacking in domain name systems |
US10348639B2 (en) | 2015-12-18 | 2019-07-09 | Amazon Technologies, Inc. | Use of virtual endpoints to improve data transmission rates |
US10708226B2 (en) * | 2016-01-29 | 2020-07-07 | Verisign, Inc. | Domain name resolution |
CN105939337B (en) * | 2016-03-09 | 2019-08-06 | 杭州迪普科技股份有限公司 | The means of defence and device that DNS cache is poisoned |
US10075551B1 (en) | 2016-06-06 | 2018-09-11 | Amazon Technologies, Inc. | Request management for hierarchical cache |
US10110694B1 (en) | 2016-06-29 | 2018-10-23 | Amazon Technologies, Inc. | Adaptive transfer rate for retrieving content from a server |
US10686753B2 (en) * | 2016-07-13 | 2020-06-16 | DNSthingy Inc. | Method and router to permit or block internet protocol (IP) connectivity based on originating domain name server (DNS) requests |
US10110614B2 (en) * | 2016-07-28 | 2018-10-23 | Verisign, Inc. | Strengthening integrity assurances for DNS data |
US9992086B1 (en) | 2016-08-23 | 2018-06-05 | Amazon Technologies, Inc. | External health checking of virtual private cloud network environments |
US10033691B1 (en) | 2016-08-24 | 2018-07-24 | Amazon Technologies, Inc. | Adaptive resolution of domain name requests in virtual private cloud network environments |
US10505961B2 (en) | 2016-10-05 | 2019-12-10 | Amazon Technologies, Inc. | Digitally signed network address |
FR3061388A1 (en) | 2016-12-23 | 2018-06-29 | Orange | METHODS OF VALIDATING DELIVERY OF CONTENT AND VERIFYING DELEGATION OF DELIVERY OF CONTENT, DEVICES AND CORRESPONDING COMPUTER PROGRAM PRODUCTS. |
US10831549B1 (en) | 2016-12-27 | 2020-11-10 | Amazon Technologies, Inc. | Multi-region request-driven code execution system |
US10372499B1 (en) | 2016-12-27 | 2019-08-06 | Amazon Technologies, Inc. | Efficient region selection system for executing request-driven code |
US10938884B1 (en) | 2017-01-30 | 2021-03-02 | Amazon Technologies, Inc. | Origin server cloaking using virtual private cloud network environments |
US10503613B1 (en) | 2017-04-21 | 2019-12-10 | Amazon Technologies, Inc. | Efficient serving of resources during server unavailability |
US11075987B1 (en) | 2017-06-12 | 2021-07-27 | Amazon Technologies, Inc. | Load estimating content delivery network |
US10447648B2 (en) | 2017-06-19 | 2019-10-15 | Amazon Technologies, Inc. | Assignment of a POP to a DNS resolver based on volume of communications over a link between client devices and the POP |
US10742593B1 (en) | 2017-09-25 | 2020-08-11 | Amazon Technologies, Inc. | Hybrid content request routing system |
US10592578B1 (en) | 2018-03-07 | 2020-03-17 | Amazon Technologies, Inc. | Predictive content push-enabled content delivery network |
CN110505176B9 (en) * | 2018-05-16 | 2023-04-11 | 中兴通讯股份有限公司 | Method and device for determining and sending message priority, and routing system |
US10862852B1 (en) | 2018-11-16 | 2020-12-08 | Amazon Technologies, Inc. | Resolution of domain name requests in heterogeneous network environments |
US10834201B2 (en) * | 2018-11-27 | 2020-11-10 | International Business Machines Corporation | Device identification and reconfiguration in a network |
US11025747B1 (en) | 2018-12-12 | 2021-06-01 | Amazon Technologies, Inc. | Content request pattern-based routing system |
US11201853B2 (en) * | 2019-01-10 | 2021-12-14 | Vmware, Inc. | DNS cache protection |
US10855644B1 (en) | 2019-09-09 | 2020-12-01 | Vmware, Inc. | Address resolution protocol entry verification |
CN110769004B (en) * | 2019-11-05 | 2020-07-14 | 中国人民解放军国防科技大学 | DNS anti-pollution method used in DNS client or proxy server |
US11575646B2 (en) * | 2020-03-12 | 2023-02-07 | Vmware, Inc. | Domain name service (DNS) server cache table validation |
CN114615175B (en) * | 2022-05-10 | 2022-07-29 | 鹏城实验室 | Service verification method, device and computer readable storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020010798A1 (en) * | 2000-04-20 | 2002-01-24 | Israel Ben-Shaul | Differentiated content and application delivery via internet |
US20060161444A1 (en) * | 2005-01-18 | 2006-07-20 | Microsoft Corporation | Methods for standards management |
US20070261112A1 (en) * | 2006-05-08 | 2007-11-08 | Electro Guard Corp. | Network Security Device |
US7296155B1 (en) * | 2001-06-08 | 2007-11-13 | Cisco Technology, Inc. | Process and system providing internet protocol security without secure domain resolution |
- 2008-11-11 US US12/268,446 patent/US7930428B2/en active Active
Non-Patent Citations (3)
Title |
---|
IETF RFC 1034 Nov. 1987 Domain Names-Concepts and Facilities. |
IETF RFC 1034 Nov. 1987 Domain Names—Concepts and Facilities. |
IETF RFC 3833 Aug. 2004 Threat Analysis of the Domain Name System (DNS). |
Cited By (39)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8321551B2 (en) * | 2010-02-02 | 2012-11-27 | Symantec Corporation | Using aggregated DNS information originating from multiple sources to detect anomalous DNS name resolutions |
US20110191455A1 (en) * | 2010-02-02 | 2011-08-04 | Patrick Gardner | Using Aggregated DNS Information Originating from Multiple Sources to Detect Anomalous DNS Name Resolutions |
US9043429B2 (en) | 2010-11-17 | 2015-05-26 | Hola Networks Ltd. | Method and system for increasing speed of domain name system resolution within a computing device |
US20190081922A1 (en) * | 2010-11-17 | 2019-03-14 | Hola Newco Ltd. | Method and system for increasing speed of domain name system resolution within a computing device |
US8671221B2 (en) * | 2010-11-17 | 2014-03-11 | Hola Networks Ltd. | Method and system for increasing speed of domain name system resolution within a computing device |
US20120124239A1 (en) * | 2010-11-17 | 2012-05-17 | Hola, Inc. | Method and system for increasing speed of domain name system resolution within a computing device |
US9866523B2 (en) | 2010-11-17 | 2018-01-09 | Hola Newco Ltd. | Method and system for increasing speed of domain name system resolution within a computing device |
US9515981B2 (en) | 2010-11-17 | 2016-12-06 | Hola Networks Ltd. | Method and system for increasing speed of domain name system resolution within a computing device |
US10148612B2 (en) | 2010-11-17 | 2018-12-04 | Hola Newco Ltd. | Method and system for increasing speed of domain name system resolution within a computing device |
US20120144023A1 (en) * | 2010-12-03 | 2012-06-07 | Salesforce.Com, Inc. | Method and system for validating configuration data in a multi-tenant environment |
US8566449B2 (en) * | 2010-12-03 | 2013-10-22 | Salesforce.Com, Inc. | Method and system for validating configuration data in a multi-tenant environment |
US8949411B2 (en) | 2010-12-16 | 2015-02-03 | Microsoft Corporation | Determining whether a device is inside a network |
US9313085B2 (en) * | 2010-12-16 | 2016-04-12 | Microsoft Technology Licensing, Llc | DNS-based determining whether a device is inside a network |
US9722966B2 (en) | 2010-12-16 | 2017-08-01 | Microsoft Technology Licensing, Llc | DNS-based determining whether a device is inside a network |
US20120159636A1 (en) * | 2010-12-16 | 2012-06-21 | Microsoft Corporation | Dns-based determining whether a device is inside a network |
US20120278626A1 (en) * | 2011-04-29 | 2012-11-01 | Verisign, Inc. | DNSSEC Inline Signing |
US8645700B2 (en) * | 2011-04-29 | 2014-02-04 | Verisign, Inc. | DNSSEC inline signing |
US9137255B2 (en) * | 2011-06-30 | 2015-09-15 | Marvell World Trade Ltd. | Verifying server identity |
US20130007850A1 (en) * | 2011-06-30 | 2013-01-03 | Lambert Paul A | Verifying Server Identity |
US20150135010A1 (en) * | 2011-09-07 | 2015-05-14 | Scott Thomas MacQuarrie | High availability system, replicator and method |
US9642169B2 (en) * | 2012-01-11 | 2017-05-02 | Saguna Networks Ltd. | Methods, circuits, devices, systems and associated computer executable code for facilitating access to a content source through a wireless mobile network |
US20140059071A1 (en) * | 2012-01-11 | 2014-02-27 | Saguna Networks Ltd. | Methods, circuits, devices, systems and associated computer executable code for providing domain name resolution |
US20130301626A1 (en) * | 2012-01-11 | 2013-11-14 | Saguna Networks Ltd. | Methods, circuits, devices, systems and associated computer executable code for facilitating access to a content source through a wireless mobile network |
US8910280B2 (en) | 2012-04-30 | 2014-12-09 | At&T Intellectual Property I, L.P. | Detecting and blocking domain name system cache poisoning attacks |
JP2013247674A (en) * | 2012-05-24 | 2013-12-09 | Internatl Business Mach Corp <Ibm> | Method, system, and computer program for identifying rogue domain name service (dns) server (system for detecting presence of rogue domain name service providers through passive monitoring) |
US9141777B2 (en) | 2012-08-24 | 2015-09-22 | Industrial Technology Research Institute | Authentication method and code setting method and authentication system for electronic apparatus |
US9230037B2 (en) | 2013-01-16 | 2016-01-05 | Sap Se | Identifying and resolving cache poisoning |
US9961110B2 (en) * | 2013-03-15 | 2018-05-01 | Verisign, Inc. | Systems and methods for pre-signing of DNSSEC enabled zones into record sets |
US20140282847A1 (en) * | 2013-03-15 | 2014-09-18 | Verisign, Inc. | Systems and methods for pre-signing of dnssec enabled zones into record sets |
US9680790B2 (en) * | 2013-08-29 | 2017-06-13 | Mastercard International Incorporated | Systems and methods for resolving data inconsistencies between domain name systems |
US10091158B2 (en) * | 2013-08-29 | 2018-10-02 | Mastercard International Incorporated | Systems and methods for resolving data inconsistencies between domain name systems |
US20150067114A1 (en) * | 2013-08-29 | 2015-03-05 | MasterCard International Incoirporated | Systems and methods for resolving data inconsistencies between domain name systems |
US20160269362A1 (en) * | 2013-12-19 | 2016-09-15 | Trend Micro Incorporated | Network security system to intercept inline domain name system requests |
US10135785B2 (en) * | 2013-12-19 | 2018-11-20 | Trend Micro Incorporated | Network security system to intercept inline domain name system requests |
CN103747005B (en) * | 2014-01-17 | 2018-01-05 | 山石网科通信技术有限公司 | The means of defence and equipment that DNS cache is poisoned |
CN106210173A (en) * | 2016-07-29 | 2016-12-07 | 杭州迪普科技有限公司 | DNS replys retransmission method and the device of message |
US10505894B2 (en) * | 2016-10-13 | 2019-12-10 | Microsoft Technology Licensing, Llc | Active and passive method to perform IP to name resolution in organizational environments |
US10623425B2 (en) | 2017-06-01 | 2020-04-14 | Radware, Ltd. | Detection and mitigation of recursive domain name system attacks |
US10938851B2 (en) | 2018-03-29 | 2021-03-02 | Radware, Ltd. | Techniques for defense against domain name system (DNS) cyber-attacks |
Also Published As
Publication number | Publication date |
---|---|
US20100121981A1 (en) | 2010-05-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7930428B2 (en) | Verification of DNS accuracy in cache poisoning | |
US11216514B2 (en) | Secure DNS query | |
Kührer et al. | Going wild: Large-scale classification of open DNS resolvers | |
US7620733B1 (en) | DNS anti-spoofing using UDP | |
EP1866783B1 (en) | System and method for detecting and mitigating dns spoofing trojans | |
US6961783B1 (en) | DNS server access control system and method | |
Borgolte et al. | Cloud strife: mitigating the security risks of domain-validated certificates | |
US20080060054A1 (en) | Method and system for dns-based anti-pharming | |
Schomp et al. | Assessing DNS vulnerability to record injection | |
Zhao et al. | Analysis of privacy disclosure in DNS query | |
Chiba et al. | DomainChroma: Building actionable threat intelligence from malicious domain names | |
Schmid | Thirty years of DNS insecurity: Current issues and perspectives | |
Alowaisheq et al. | Zombie awakening: Stealthy hijacking of active domains through DNS hosting referral | |
Noborio et al. | A feasible motion-planning algorithm for a mobile robot based on a quadtree representation | |
Schwittmann et al. | Domain impersonation is feasible: a study of ca domain validation vulnerabilities | |
Shulman et al. | Towards forensic analysis of attacks with DNSSEC | |
Van Der Toorn et al. | Addressing the challenges of modern DNS a comprehensive tutorial | |
Li et al. | The Maginot Line: Attacking the Boundary of {DNS} Caching Protection | |
Grothoff et al. | NSA’s MORECOWBELL: knell for DNS | |
EP3637739B1 (en) | Method for validating ownership of a domain name, coordinating agent and validation agent | |
Rajendran et al. | Domain name system (dns) security: Attacks identification and protection methods | |
Sinha et al. | CookieArmor: Safeguarding against cross‐site request forgery and session hijacking | |
Shulman et al. | DNSSEC for cyber forensics | |
Singh et al. | Spoofing attacks of domain name system internet | |
van der Toorn et al. | Computer Science Review |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | AS | Assignment | Owner name: BARRACUDA NETWORKS, INC, CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:DRAKO, DEAN, MR.;REEL/FRAME:021813/0042 Effective date: 20081110 |
| | STCF | Information on status: patent grant | Free format text: PATENTED CASE |
| | AS | Assignment | Owner name: SILICON VALLEY BANK, CALIFORNIA Free format text: SECURITY INTEREST;ASSIGNOR:BARRACUDA NETWORKS, INC.;REEL/FRAME:029218/0107 Effective date: 20121003 |
| | FPAY | Fee payment | Year of fee payment: 4 |
| | AS | Assignment | Owner name: BARRACUDA NETWORKS, INC., CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:SILICON VALLEY BANK, AS ADMINISTRATIVE AGENT;REEL/FRAME:045027/0870 Effective date: 20180102 |
| | AS | Assignment | Owner name: GOLDMAN SACHS BANK USA, AS COLLATERAL AGENT, NEW YORK Free format text: FIRST LIEN INTELLECTUAL PROPERTY SECURITY AGREEMENT;ASSIGNOR:BARRACUDA NETWORKS, INC.;REEL/FRAME:045327/0877 Effective date: 20180212 Owner name: GOLDMAN SACHS BANK USA, AS COLLATERAL AGENT, NEW YORK Free format text: SECOND LIEN INTELLECTUAL PROPERTY SECURITY AGREEMENT;ASSIGNOR:BARRACUDA NETWORKS, INC.;REEL/FRAME:045327/0934 Effective date: 20180212 |
| | MAFP | Maintenance fee payment | Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552) Year of fee payment: 8 |
| | AS | Assignment | Owner name: BARRACUDA NETWORKS, INC., CALIFORNIA Free format text: RELEASE OF SECURITY INTEREST IN INTELLECTUAL PROPERTY RECORDED AT R/F 045327/0934;ASSIGNOR:GOLDMAN SACHS BANK USA, AS COLLATERAL AGENT;REEL/FRAME:048895/0841 Effective date: 20190415 |
| | AS | Assignment | Owner name: GOLDMAN SACHS BANK USA, AS COLLATERAL AGENT, NEW YORK Free format text: SECOND LIEN INTELLECTUAL PROPERTY SECURITY AGREEMENT;ASSIGNOR:BARRAUDA NETWORKS, INC.;REEL/FRAME:054260/0746 Effective date: 20201030 |
| | MAFP | Maintenance fee payment | Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 12 |
| | AS | Assignment | Owner name: BARRACUDA NETWORKS, INC., CALIFORNIA Free format text: RELEASE OF SECOND LIEN SECURITY INTEREST IN IP RECORDED AT R/F 054260/0746;ASSIGNOR:GOLDMAN SACHS BANK USA, AS COLLATERAL AGENT;REEL/FRAME:061521/0086 Effective date: 20220815 Owner name: BARRACUDA NETWORKS, INC., CALIFORNIA Free format text: RELEASE OF FIRST LIEN SECURITY INTEREST IN IP RECORDED AT R/F 045327/0877;ASSIGNOR:GOLDMAN SACHS BANK USA, AS COLLATERAL AGENT;REEL/FRAME:061179/0602 Effective date: 20220815 |
| | AS | Assignment | Owner name: KKR LOAN ADMINISTRATION SERVICES LLC, AS COLLATERAL AGENT, NEW YORK Free format text: SECURITY INTEREST;ASSIGNOR:BARRACUDA NETWORKS, INC.;REEL/FRAME:061377/0231 Effective date: 20220815 Owner name: UBS AG, STAMFORD BRANCH, AS COLLATERAL AGENT, CONNECTICUT Free format text: SECURITY INTEREST;ASSIGNOR:BARRACUDA NETWORKS, INC.;REEL/FRAME:061377/0208 Effective date: 20220815 |